941 matches found
What Is Cybersecurity in Space?
Satellites, drones, and 5G space links now support critical services such as air traffic, finance, and weather. Yet most were not built to resist modern cyber threats. Ground stations can be breached, GPS jammed, and supply chains compromised, while no shared list of vulnerabilities or safe testi...
FuzzRDUCC: Fuzzing with Reconstructed Def-Use Chain Coverage
Binary-only fuzzing often struggles with achieving thorough code coverage and uncovering hidden vulnerabilities due to limited insight into a program's internal dataflows. Traditional grey-box fuzzers guide test case generation primarily using control flow edge coverage, which can overlook bugs n...
Breach Highlights AI and API Vulnerabilities in Software Supply Chains
...
DNSSEC validation may accept broken authentication chains
...
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing trusted relationships in the cloud to breach enterprise networks. "The adversary has also shown considerable ability to quickly...
Towards Scalable and Interpretable Mobile App Risk Analysis Via Large Language Models
Mobile application marketplaces are responsible for vetting apps to identify and mitigate security risks. Current vetting processes are labor-intensive, relying on manual analysis by security professionals aided by semi-automated tools. To address this inefficiency, we propose Mars, a system that...
Linux Distros Unpatched Vulnerability : CVE-2022-50212
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: do not allow CHAINID to refer to another table When doing lookups for chains on the same batch by using its ID, a chain from a different...
Jailbreaking Commercial Black-Box LLMs with Explicitly Harmful Prompts
Evaluating jailbreak attacks is challenging when prompts are not overtly harmful or fail to induce harmful outputs. Unfortunately, many existing red-teaming datasets contain such unsuitable prompts. To evaluate attacks accurately, these datasets need to be assessed and cleaned for maliciousness...
Exploit for Deserialization of Untrusted Data in Cisco Identity_Services_Engine
CVE-2025-20124 – Cisco ISE 3.0 Java Deserialization Remote Cod...
Linux Distros Unpatched Vulnerability : CVE-2025-22874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains whic...
Linux Distros Unpatched Vulnerability : CVE-2022-48579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. CVE-2022-48579 Note that Nessus relies on the presence of th...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Exploit Toolkit This is an advanced and automa...
The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades
Smart contract upgrades are increasingly common due to their flexibility in modifying deployed contracts, such as fixing bugs or adding new functionalities. Meanwhile, upgrades compromise the immutability of contracts, introducing significant security concerns. While existing research has explore...
Security update for pdns-recursor (important)
openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2025:0251-1 Rating: important References: 1231292 Cross-References: CVE-2024-25590 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...
U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm
The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology IT worker scheme designed to generate illicit revenues for Pyongyang. The...
CVE-2025-53638
Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return...
CVE-2025-53638
Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return...
CVE-2025-53638
CVE-2025-53638 (Solady) affects the Solady library for Solidity snippets. From versions 0.0.125 up to 0.1.23, deploying an account via a proxy and calling its initialization with regular Solidity may silently fail if the initialization function does not return a bool or other data. The root cause...
CVE-2025-53638 Solady lacks extcodesize validation on implementation in ERC4337Factory
Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return...
CVE-2025-53638 Solady lacks extcodesize validation on implementation in ERC4337Factory
Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return...